Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick aeb6bc551b60 from chromium #28089

Merged
merged 3 commits into from Mar 10, 2021
Merged

chore: cherry-pick aeb6bc551b60 from chromium #28089

merged 3 commits into from Mar 10, 2021

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Mar 10, 2021
edited

Prevent accessing shared buffers from audio rendering thread

The shared buffer in ScriptProcessorNode can be accessed by the
audio rendering thread when it is held by the main thread.

The solution suggested here is simply to expand the scope of
the mutex to minimize the code change. This is a deprecated
feature in Web Audio, so making significant changes is not
sensible. By locking the entire scope of Process() call, this
area would be immune to the similar problems in the future.

(cherry picked from commit 60987aa224f369fc0ea38c56e498389440921356)

Bug: 1174582
Test: The repro case doesn't crash on ASAN.
Change-Id: I2b292f94be65e6ec26c6eb0e0ed32b3fb2d88466
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2681193
Commit-Queue: Hongchan Choi hongchan@chromium.org
Reviewed-by: Raymond Toy rtoy@chromium.org
Cr-Original-Commit-Position: refs/heads/master@{#852240}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2715585
Commit-Queue: Krishna Govind govind@chromium.org
Reviewed-by: Srinivas Sista srinivassista@chromium.org
Cr-Commit-Position: refs/branch-heads/4324@{#2238}
Cr-Branched-From: c73b5a651d37a6c4d0b8e3262cc4015a5579c6c8-refs/heads/master@{#827102}

Notes: Security: backported fix for CVE-2021-21165.

@ppontes ppontes requested a review from a team as a code owner March 10, 2021 12:07
@ppontes ppontes added 11-x-y backport-check-skip Skip trop's backport validity checking semver/patch backwards-compatible bug fixes labels Mar 10, 2021
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Mar 10, 2021
@jkleinsc
Copy link
Contributor

Merging as CI failure is flake unrelated to this PR.

@jkleinsc jkleinsc merged commit 6ecf43c into 11-x-y Mar 10, 2021
@release-clerk
Copy link

release-clerk bot commented Mar 10, 2021

Release Notes Persisted

Security: backported fix for CVE-2021-21165.

@jkleinsc jkleinsc deleted the cherry-pick/11-x-y/chromium/aeb6bc551b60 branch March 10, 2021 18:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkleinsc jkleinsc jkleinsc approved these changes

Assignees
No one assigned
Labels
11-x-y backport-check-skip Skip trop's backport validity checking semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ppontes @jkleinsc @electron-bot